feat: update ot synchronous gpio and rotate keys

scripts/configure-pios-sd.sh

@@ -3,7 +3,7 @@ set -euo pipefail
 
 BOOTFS=${1:-/run/media/jet/bootfs}
 ROOTFS=${2:-/run/media/jet/rootfs}
-HOSTNAME=noisebridge-pi
+HOSTNAME=noisebell-pi
 WIFI_SSID=Noisebridge
 WIFI_PASSWORD=noisebridge
 PI_USERNAME=pi

scripts/deploy-full-pi.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-TARGET_HOST=${1:-root@noisebridge-pi.local}
+TARGET_HOST=${1:-root@noisebell-pi.local}
 
 exec nixos-rebuild switch --flake ".#pi" --target-host "$TARGET_HOST"

scripts/deploy-pios-pi.sh

@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-TARGET_HOST=${1:-pi@noisebridge-pi.local}
+TARGET_HOST=${1:-pi@noisebell-pi.local}
+DEPLOY_HOSTNAME=${DEPLOY_HOSTNAME:-noisebell-pi}
 SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
 REPO_ROOT=$(cd -- "$SCRIPT_DIR/.." && pwd)
 RELEASE_ID=${RELEASE_ID:-$(date +%Y%m%d-%H%M%S)}
@@ -52,12 +53,23 @@ scp "${SSH_OPTS[@]}" "$TMP_DIR/cache-to-pi-key" "$TARGET_HOST:$REMOTE_TMP_DIR/ca
 scp "${SSH_OPTS[@]}" "$TMP_DIR/tailscale-auth-key" "$TARGET_HOST:$REMOTE_TMP_DIR/tailscale-auth-key"
 
 echo "Installing service and Tailscale on $TARGET_HOST..."
-ssh "${SSH_OPTS[@]}" "$TARGET_HOST" "REMOTE_RELEASE_DIR='$REMOTE_RELEASE_DIR' REMOTE_CURRENT_LINK='$REMOTE_CURRENT_LINK' REMOTE_TMP_DIR='$REMOTE_TMP_DIR' bash -s" <<'EOF'
+ssh "${SSH_OPTS[@]}" "$TARGET_HOST" "DEPLOY_HOSTNAME='$DEPLOY_HOSTNAME' REMOTE_RELEASE_DIR='$REMOTE_RELEASE_DIR' REMOTE_CURRENT_LINK='$REMOTE_CURRENT_LINK' REMOTE_TMP_DIR='$REMOTE_TMP_DIR' bash -s" <<'EOF'
 set -euo pipefail
 
 sudo apt-get update
 sudo apt-get install -y curl rsync avahi-daemon
 
+sudo hostnamectl set-hostname "$DEPLOY_HOSTNAME"
+sudo tee /etc/hostname >/dev/null <<<"$DEPLOY_HOSTNAME"
+sudo tee /etc/hosts >/dev/null <<HOSTSEOF
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+
+127.0.1.1		$DEPLOY_HOSTNAME
+HOSTSEOF
+
 if ! command -v tailscale >/dev/null 2>&1; then
   curl -fsSL https://tailscale.com/install.sh | sh
 fi
@@ -84,7 +96,7 @@ RUST_LOG=info
 ENVEOF
 sudo chmod 600 /etc/noisebell/noisebell.env
 
-sudo tee /etc/systemd/system/noisebell.service >/dev/null <<UNITEOF
+sudo tee /etc/systemd/system/noisebell.service >/dev/null <<'UNITEOF'
 [Unit]
 Description=Noisebell GPIO door monitor
 After=network-online.target tailscaled.service
@@ -94,7 +106,7 @@ Wants=network-online.target
 Type=notify
 NotifyAccess=all
 EnvironmentFile=/etc/noisebell/noisebell.env
-ExecStart=/bin/bash -lc 'export NOISEBELL_API_KEY="$$(cat /etc/noisebell/pi-to-cache-key)"; export NOISEBELL_INBOUND_API_KEY="$$(cat /etc/noisebell/cache-to-pi-key)"; exec ${REMOTE_CURRENT_LINK}/noisebell'
+ExecStart=/bin/bash -lc 'export NOISEBELL_API_KEY="$$(cat /etc/noisebell/pi-to-cache-key)"; export NOISEBELL_INBOUND_API_KEY="$$(cat /etc/noisebell/cache-to-pi-key)"; exec /opt/noisebell/current/noisebell'
 Restart=on-failure
 RestartSec=5
 WatchdogSec=30
@@ -105,9 +117,11 @@ UNITEOF
 
 sudo ln -sfn "$REMOTE_RELEASE_DIR" "$REMOTE_CURRENT_LINK"
 sudo systemctl daemon-reload
-sudo systemctl enable --now noisebell.service
+sudo systemctl enable noisebell.service
+sudo systemctl restart noisebell.service
+sudo systemctl restart avahi-daemon
 
-sudo tailscale up --auth-key="$(sudo cat /etc/noisebell/tailscale-auth-key)" --hostname=noisebridge-pi || true
+sudo tailscale up --auth-key="$(sudo cat /etc/noisebell/tailscale-auth-key)" --hostname=noisebell-pi || true
 
 rmdir "$REMOTE_TMP_DIR" 2>/dev/null || true